What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. When the GDPR takes effect, it will replace the 1995 Data Protection Directive. GDPR becomes enforceable from 25 May 2018.
Our commitment to GDPR Compliance
At Howuku, we write Customer with a capital "C". We do our best to implement services that fulfill our Customers’ needs. One of the most important Customers’ requirement is the security of their data. That is why for us it is paramount. Howuku understands how the fulfillment of GDPR obligations will improve protection of our Customers’ data. We are fully committed to achieving compliance with the GDPR prior to the regulations effective date.
Our Role as a Data Controller and Data Processor
Howuku has customers who are both companies and individuals. We offer a product to companies that allows them to collect and analyze customer experience provided by individuals who may reside in the EU. In this case, through our contract with the company who is our customer, we are acting as a data processor. We collect, store, and retrieve data on their behalf and at their request. We also use our own product to collect, store, and retrieve data to analyze our own product. In this capacity, we are both a data controller and data processor, since the data processing is happening for our own purposes.
Our Use of Third Party Data Processors
Howuku makes use of third party services in infrastructure, reporting, and analytics. It is our obligation to ensure that the processing of data on our behalf is also GDPR compliant. For the details of our third-party tools, please refer to the privacy page.
Your rights and responsibilities
Howuku is required to be in compliance with the GDPR since we offer services to residents of the EU. In order to offer our service, we must collect data that can identify people. In addition to our obligation to follow the regulation, Howuku intends to follow best practices in privacy and protection of data. In accordance with the European General Data Protection Regulation 2016/679 (GDPR) you have a right of access, correction and removal of your personal data which you may exercise by sending us an email at email@example.com. Your requests will be processed within 30 days. We may require that your request be accompanied by a photocopy of proof of identity or authority.
One of the main drivers of the GDPR is informing your customers/users about you data policies. It is therefore required to ask before you are to collect user data through Howuku, you make it easy for your users to see your data policy as explained in your Privacy Statement.
Notification in the event of a Data Breach
We will notify the owners of Howuku accounts within 48 hours of the discovery of a data breach. We will work with our customers to inform Data Subjects of the breach.